Error while processing on PGP Universal Server when secondary SMTP connection times out

book

Article ID: 157862

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

Mail is not delivered via PGP Universal Server, the server returns an error while processing and a reference to the SMTP-XXXXXX connection which can be looked up in the logs on the PGP Universal Server.

SMTP-XXXXXX: pgpproxy: unable to send mail transaction data to server error=-11989 (write failed)
SMTP-XXXXXX: error handling SMTP DATA event: write failed
SMTP-XXXXXX: pgpproxy: error reading/processing message error=-11989 (write failed)
 

Cause

The PGP Universal Server acts as a proxy that opens a secondary connection to the configured mail relay when itself receives a new connection. After the initial connection it mirrors all the SMTP commands from the primary connection to the secondary connection to the mail relay. It then receives the mail, processes it and forwards it via the secondary connection. In specific circumstances (huge mail, high number of recipients with timouts on key lookups, for example when key lookups are dropped on the firewall instead of rejected) the processing can take more than the connection timeout of the mail relay on the secondary connection. While we try to keep the secondary connection open by issuing NOOP commands, some mailservers have hard limits on the overall connection time. This means the secondary connection is dropped before the mail could be sent to the mail relay. When this occurs, the PGP Universal Server has only the option to return an error on the primary connection.
 

Resolution

Ensure that the processing time is within the timeout limits of the secondary SMTP connection. This can be done by either ensuring that the processing is faster (e.g. disable key lookups, limit the number of recipients, limit the size of the message) or by increasing the timeout values on the secondary connection.